Security Incidents mailing list archives

Re: ftp warez server snake ?


From: Andreas Putzo <andreas () inferno nadir org>
Date: Wed, 8 Dec 2004 18:44:36 +0100

Hello,

On Wednesday, 8 December 2004 16:58, Andrew Smith wrote:
> Certainly compromised, probably pubstro. "snake server" will be an FTP
> server with an obscure banner to confuse you. The "auth server" is an
> identd server running, probably, for an XDCC bot. You might try and
> compromise it again, to uninstall the ftp/xdcc/identd... but it may well
> have been secured.

I know that the banner was obfuscated, but I thought it could be a
"standard" banner for worm xyz.
Also, the identd is no real identd, because it simply puts the mentioned
output on the wire. As far as I know, on identd you have to input
<server port>, <client port> to get a result.
Anyway, thank you all for your help.

regards,
andreas
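
Added example, not part of the original message: a check for the behaviour described above, telling an RFC 1413 identd (silent until it receives "<server port>, <client port>", then echoing that pair in its reply) from a service that just writes a fixed string to the wire. The function names and the timeout are assumptions made for this illustration.

```python
import re
import socket

# RFC 1413 reply: "<server port> , <client port> : USERID : <os> : <user>"
# or "<server port> , <client port> : ERROR : <error-type>".
REPLY_RE = re.compile(rb"^\s*(\d+)\s*,\s*(\d+)\s*:\s*(USERID|ERROR)\s*:\s*(.*)$")

def _read_line(sock, timeout):
    """Return what arrives up to the first newline, or b"" on timeout/close."""
    sock.settimeout(timeout)
    buf = b""
    try:
        while b"\n" not in buf and len(buf) < 1024:
            chunk = sock.recv(256)
            if not chunk:
                break
            buf += chunk
    except socket.timeout:
        pass
    return buf.strip()

def classify_identd(sock, server_port, client_port, timeout=1.0):
    """Classify the service behind an already connected socket (hypothetical helper)."""
    # A real identd sends nothing until it has received a query.
    if _read_line(sock, timeout):
        return "fake: sent data before any query"
    sock.sendall(b"%d, %d\r\n" % (server_port, client_port))
    m = REPLY_RE.match(_read_line(sock, timeout))
    if not m:
        return "fake: reply is not RFC 1413 syntax"
    # A static responder cannot know which port pair was asked about.
    if (int(m.group(1)), int(m.group(2))) != (server_port, client_port):
        return "fake: reply does not echo the queried ports"
    return "rfc1413: " + m.group(3).decode().lower()
```

Against a live host, pass a socket from `socket.create_connection((host, 113))`; a genuine identd asked about a port pair with no matching connection answers with an `ERROR` reply that still echoes the pair.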

